← Back to Explore
T1036.006
Space after Filename
Adversaries can hide a program's true filetype by changing the extension of a file. With certain file types (specifically this does not work with .app extensions), appending a space to the end of a filename will change how the file is processed by the operating system. For example, if there is a Mach-O executable file called <code>evil.bin</code>, when it is double clicked by a user, it will launch Terminal.app and execute. If this file is renamed to <code>evil.txt</code>, then when double clic...
LinuxmacOS
3
Detections
2
Sources
1
Threat Actors
BY SOURCE
2elastic1sigma
PROCEDURES (2)
Masquerad2 detections
Auto-extracted: 2 detections for masquerad
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring